General
Target: 3692fee3efcd9c86449b71f4d5e8523f085824cf0416e6b0e61704e426067261
Size: 414KB
Sample: 220521-n9tpvsaagp
MD5: a12f93cf32b5197a29cae3b3540755d9
SHA1: a875e527040f77e017c96476d486cf17b4207aed
SHA256: 3692fee3efcd9c86449b71f4d5e8523f085824cf0416e6b0e61704e426067261
SHA512: c3c589290424d2ceef92cc4b43d6ee3158fad59ae91d89ba497eef7943cffb30f07fab8b9c1e2e6d148cc413379d713e181da9ca9f8599855aa2c002abc79e46
Static task: static1
Behavioral task: behavioral1
Sample: 54334678.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 54334678.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.bapipl.com
Port: 587
Username: skc@bapipl.com
Password: Bharat123
Targets
Target: 54334678.exe
Size: 493KB
MD5: 2527ea0b70badfe77b19f06b2d788dca
SHA1: e69270d97d39a896b5659e65586ac488c867d144
SHA256: e1c5d948acc6e111d7ac16afb0d2474163fa478595caa8751afd266d71f0a9e8
SHA512: e15aeefd97524e37eeb823356560e5d39e34a7e7b4688656dededad463f853c3c4104f82071db09505ca7b31e1ac8b85c9fb04b3ce0bf0c194be96d5f62cb9df
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext